Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed

2021-02-17 15:30

Details of a flaw in Apple's Safari browser, publicly disclosed Tuesday, outline how the cybergang known as ScamClub reached 50 million users with a three-month-long malicious ad campaign pushing malware to mobile iOS Chrome and macOS desktop browsers.

Impacted was Apple's Safari browser running on macOS Big Sur 11.0.1 and Google's iOS-based Chrome browser.

ScamClub is a well-established cybergang that for the past three years has hijacked hundreds-of-millions of browser sessions with malvertising campaigns that redirect users to adult and gift card scams.

What are the ScamClub Details of the WebKit Exploit?

In his Tuesday-report, Stein said this most recent ScamClub campaign redirected users to landing pages that offer prizes, such as "You've won a Walmart gift card!" or "You've won an iPhone!" to rather successful effect, he wrote.

Over the last 90 days alone, ScamClub has delivered over 50 million malicious impressions, "Maintaining a low baseline of activity augmented by frequent manic bursts," with as many as 16 million impacted ads being served in a single day, according to Stein.

News URL

https://threatpost.com/safari-browser-scamclub-campaign-revealed/164023/

#browser #safari